Bil,
> Here's an example of using AJAX to log out a user via HTTP Auth:
>
> http://www.corry.biz/logout_demo/
Oh, nice, I hadn't thought of this before. To summarize, you just set
up a page within the protection space which always returns a 200 code
and then access it via XMLHttpRequest with a bogus password. What
browsers have you tested this on?
So it appears with logins and logouts, AJAX + response code hacks are
possible to make this work right now. I still think an HTTP-level
session termination mechanism is worthwhile for user agents that don't
want to rely on JavaScript, but for most developers, this could be the
missing piece to make HTTP auth usable again.
thanks!
tim